Users are increasingly performing tasks using remote computing resources, often referred to as part of “the cloud.” This has many advantages, as users do not have to purchase and maintain dedicated hardware and software, and instead can pay for only those resources that are needed at any given time, where those resources typically will be managed by a resource or “cloud” provider. It will often be the case that a user will want one or more cloud resources to perform actions on behalf of the user. In order to enable these actions to be performed, the resources will often need access to customer data. Since some of that data may be sensitive or confidential, a user may not want to enable the resources to have access to that data. The data can be encrypted before being provided to those resources, but if multiple accesses are needed the encrypted data can be different each time such that at least certain tasks cannot be performed without having visibility into the underlying data.